exploitDog

CVE-2024-29220

Опубликовано: 11 апр. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.

Ссылки

https://jvn.jp/en/jp/JVN50361500/
Third Party Advisory
https://ninjaforms.com/
Product
https://wordpress.org/plugins/ninja-forms/
Product
https://jvn.jp/en/jp/JVN50361500/
Third Party Advisory
https://ninjaforms.com/
Product
https://wordpress.org/plugins/ninja-forms/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*

Версия до 3.8.1 (исключая)

EPSS

Процентиль: 54%

0.0031

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-72h6-54fg-6qph

CVSS3: 6.1

github

почти 2 года назад

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.

EPSS

Процентиль: 54%

0.0031

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79